iptables

Kenneth Burgener kenneth at mail1.ttak.org
Thu Oct 21 08:36:30 MDT 2010


----------------
Date: 10/21/2010 7:45 AM
From: Wade Preston Shearer <wadeshearer.lists at me.com>

Wade Preston Shearer wrote:
> On 21 Oct 2010, at 6:35, Stuart Jansen wrote:
>> As long as you're already using one stateful rule, might as well make
>> the others stateful too. In other words replace:
>> -A INPUT -p tcp -m tcp --dport X -j ACCEPT
>> with
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport X -j ACCEPT
>>
>> Here's what I would do based on your current rules:
>>
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p tcp -m state --state -m tcp --dport 25 -j ACCEPT
>> -A INPUT -p tcp -m state --state -m tcp --dport 80 -j ACCEPT
> I dropped it in and tried to restart iptables but received an error:
>
> Applying iptables firewall rules: iptables-restore v1.3.5: Bad state `-m'
> Error occurred at line: 9


That would be because it should read "-m state --state NEW".  The state 
is missing.

Kenneth
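
A pre-flight check for the error discussed in this thread, as an added example that is not part of the original messages: it scans a rules file in iptables-save format and reports every `--state` that is followed by another option instead of a state list, using the same line numbering as the `iptables-restore` error. The function name, the surrounding table and chain lines, and the port 22 rule are assumptions made for illustration.

```python
import shlex

# States the iptables "state" match accepts after --state.
VALID_STATES = {"NEW", "ESTABLISHED", "RELATED", "INVALID", "UNTRACKED"}

def check_state_args(rules_text):
    """Return (line_number, problem) for each --state with a missing or bad value."""
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        stripped = line.strip()
        # Skip blanks, comments, table headers (*filter), chain policies and COMMIT.
        if not stripped or stripped[0] in "#*:" or stripped == "COMMIT":
            continue
        tokens = shlex.split(stripped)
        for i, tok in enumerate(tokens):
            if tok != "--state":
                continue
            value = tokens[i + 1] if i + 1 < len(tokens) else None
            # A following option such as "-m" means the state list was left out.
            if value is None or value.startswith("-"):
                problems.append((lineno, "--state has no state list (got %r)" % value))
                continue
            bad = [s for s in value.split(",") if s not in VALID_STATES]
            if bad:
                problems.append((lineno, "unknown state(s): " + ",".join(bad)))
    return problems

# Constructed sample: the rules quoted in the thread wrapped in an assumed
# *filter table, plus one correctly written rule (port 22 is made up).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for lineno, problem in check_state_args(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```

`iptables-restore --test` also parses a rules file without committing it, which catches the same mistake before the firewall is restarted.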




More information about the PLUG mailing list